Chrome To Mark Non-HTTPS Sites As “Not Secure” Starting In June

Google has recently taken an aggressive step forward in the area of online security by announcing that it will mark all non-HTTPS sites as “not secure” starting in July. In this post we’ll break down what this means for the average internet user, and why HTTPS should matter to everyone.

So Long, HTTP

HyperText Transfer Protocol (HTTP) has been the backbone of internet communication for decades. Relied upon as the go-to protocol for almost every kind of online connection, HTTP has been connecting computers to websites for a long time. HTTPS is the same concept, just with an S for “secure,” which means that the HTTP connection also has a layer of encryption to protect the contents of the data packets as they move back and forth between hosts. Originally using SSL as its encryption protocol, and then moving to TLS in recent years, HTTPS is used for connections where sensitive data is being exchanged, such as email communication, online banking, registration forms that collect personal information, and e-commerce sites that take credit card information.

While most website providers have been content to use simple HTTP in cases where no sensitive communication is happening, Google has taken a giant leap forward by labeling all HTTP sites as insecure unless the site is changed to use HTTPS on every page and every connection. While a label of “not secure” doesn’t actually make the site insecure, Google is aiming for a play on users’ perceptions: If Chrome users lose faith in a website’s security, they will probably stop visiting that site, which means less traffic and revenue for the website owner. If enough users vacate a site based on their perception of its security, that company can experience a huge hit to its bottom line through lost revenue and dropped contracts with advertising partners.

Why This is a Win for Security-Minded Users

With the charge being led by the dominant browser in the market, the web is poised to become much more secure as website owners are forced to switch to HTTPS for all communication. By implementing end-to-end encryption on all online services, users’ data will be protected from attackers who would seek to monitor and intercept that data. And for the few stubborn providers that may refuse to implement HTTPS, users will see giant red flags warning them not to use the website, helping them avoid having their information stolen. These HTTP sites will surely be a target for attackers to host malware and snooping programs, and with Chrome helping to guide users away from these sites, the web will become a much safer place.

Not only will the security warning help to inform users, but Google has already been down ranking sites in its search results when it detects that HTTPS is not in use. This search filtering will only become more aggressive over time, allowing these unsecure sites to be pruned out and kept away from public view.

This move towards a safer web will be a giant win for the world of online security. We’re looking forward to an increased adoption rate of HTTPS as the July deadline draws closer, with the hope that all web traffic will leverage strong encryption algorithms to keep your data protected.